The Cyber Defence Forces announced that they had detected a “security incident” that resulted in unauthorized access to the official, unclassified email account of a member of the Polish Armed Forces. Put simply, someone took over the soldier’s email account. Even more concerning, the incident did not end there – the compromised account was later used to carry out phishing attacks. The case has raised serious questions about cybersecurity within the military.
According to the military command, the incident resulted from what it described as a “targeted social engineering attack directed at a specific user.” The military emphasized that no classified information was processed through the compromised mailbox, which was used exclusively for official unclassified correspondence.
Nevertheless, official military correspondence fell into unauthorized hands.
After gaining access to the account, the attacker used it to launch a phishing campaign targeting organizations both in Poland and abroad. Cybersecurity teams responsible for the affected institutions were notified of the attacks.
The Incident Response Team of the Cyber Defence Component Command (DKWOC) carried out a comprehensive technical analysis of the secured digital evidence and undertook measures aimed at fully determining the causes and scope of the incident while limiting its consequences.
“The Incident Response Team of the Cyber Defence Component Command (DKWOC) conducted comprehensive technical analyses of the secured digital evidence and implemented measures to fully determine the causes and scope of the incident, as well as to mitigate its impact,” the Cyber Defence Forces stated.
